CVE-2007-4556
OpenSymphony XWork (used by WebWork and Apache Struts) before 1.2.3, and 2.x before 2.0.4, evaluates inputs as OGNL expressions when altSyntax is enabled. The underlying issue is recursive OGNL processing, which can lead to a denial of service (infinite loop) and, in some cases, remote code execu...